funsec mailing list archives
Re: JavaScript: A Tool, A Weapon
From: coderman <coderman () gmail com>
Date: Sat, 5 Jan 2008 00:36:34 -0800
On Jan 4, 2008 1:24 PM, <Valdis.Kletnieks () vt edu> wrote:
... I was whining about the Javascript sandbox being basically busticated...
the trick is to use a bigger sandbox. virtual machines for browser appliances with distinct sessions and address space is good thing; just heavy weight at the moment... (i think this is the sort of model used in bitfrost for the OLPC) i suppose you could also use a perfectly secure browser and only perfectly secure sites without worry, however, i see that likely as instantaneous heat death of the universe in the next 60 seconds... until then, make sure that when your web client shits all over itself and all open sessions and maybe even the os, you've got a leak resistant vm diaper (or other method) to contain the refuse. flushing is as simple as rebooting an iso/ramdisk browser appliance. *grin* best regards, p.p.s. yes, i know vm's are not a panacea or silver bullet. however, vm's do isolate a number of problems with shared localhost, sessions and browser context that is just asking for pwnies on the web2.0 largess of today's www. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- JavaScript: A Tool, A Weapon Paul Ferguson (Jan 03)
- Re: JavaScript: A Tool, A Weapon silky (Jan 04)
- Re: JavaScript: A Tool, A Weapon Valdis . Kletnieks (Jan 04)
- Re: JavaScript: A Tool, A Weapon coderman (Jan 05)
- Re: JavaScript: A Tool, A Weapon B Potter (Jan 05)
- Re: JavaScript: A Tool, A Weapon Valdis . Kletnieks (Jan 04)
- RE: JavaScript: A Tool, A Weapon Hubbard, Dan (Jan 04)
- Re: JavaScript: A Tool, A Weapon silky (Jan 04)
- Re: JavaScript: A Tool, A Weapon Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jan 05)
- <Possible follow-ups>
- Re: JavaScript: A Tool, A Weapon Paul Ferguson (Jan 05)
- Re: JavaScript: A Tool, A Weapon Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jan 05)